CVE-2024-42368

A vulnerability was found in OpenTelemetry, specifically in the github.com/open-telemetry/opentelemetry-collector-contrib/extension/bearertokenauthextension. This flaw impacts anyone using the bearertokenauth server authenticator. Malicious clients with network access to the collector may perform...

CVE-2024-42368 open-telemetry has an Observable Timing Discrepancy

OpenTelemetry, also known as OTel, is a vendor-neutral open source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, and logs. The bearertokenauth extension's server authenticator performs a simple, non-constant time string...

OpenTelemetry 安全漏洞

OpenTelemetry is a vendor-neutral, open source observability framework open-sourced by OpenTelemetry. A security vulnerability exists in OpenTelemetry versions 0.80.0 through prior to 0.107.0, which stems from the possibility that a malicious client with network access to a collector could perfor...

Deno 代码注入漏洞

Deno is open source a simple , modern and secure JavaScript and TypeScript runtime environment . It uses V8 and is built with Rust. A code injection vulnerability exists in Deno versions prior to 0.107.0, which stems from allowing code injection via untrusted YAML files in certain configurations...